I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The document introduces the turn: and turns: URI schemes. The security considerations point to the relevant documents, one of them being RFC 3958. Section 8 of RFC 3958 states that S-NAPTR application protocols "should define some form of end-to-end authentication to ensure that the correct destination has been reached." I think it would be useful to spell how TURN meets this or whether there are reasons why TURN does not need such a sanity check. (1-2 sentences should be enough.) /js -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany Fax: +49 421 200 3103 < http://www.jacobs-university.de/ >